package com.xxl.filter;

import com.xxl.service.BlogService;
import com.xxl.util.ConstantField;
import org.springframework.core.annotation.Order;

import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;

/**
 * 权限认证  例如vip的
 * 这里是过滤是不是vip的
 * @author xxl
 * @date 2023/4/4
 */
@WebFilter(filterName = "AuthorizationFilter",urlPatterns = {"/blog/collect/*"},description = "权限认证过滤器")
@Order(522)
public class AuthorizationFilter extends AuthorizationAndAuthenticationBaseFilter {
    @Resource
    BlogService blogService;
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        super.doFilter(request,response,chain);
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpServletRequest rep = (HttpServletRequest) request;
        //查询这个人收藏了多少博客
        List<String> list = blogService.queryAllBlogByUsername(userDto.getUsername());
        //10篇以上就是需要vip1才可以
        if (list.size() >= 10) {
            String s = userDto.getRoleDto().getRoleRuth().split(":")[1];
            //如果权限等于normal就不能收藏
            if (ConstantField.AUTHORIZE_NORMAL.equals(s)) {
                resp.sendRedirect(rep.getContextPath()+"/noAuth/noPermission");
                return;
            }
        }
        chain.doFilter(request, response);
    }
}
